projects / project / luci.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
luci-app-splash: protect admin status call with csrf token
[project/luci.git] / applications / luci-app-splash / luasrc / view / admin_status / splash.htm
diff --git a/applications/luci-app-splash/luasrc/view/admin_status/splash.htm b/applications/luci-app-splash/luasrc/view/admin_status/splash.htm
index 23982d4..3415c20 100644 (file)
--- a/applications/luci-app-splash/luasrc/view/admin_status/splash.htm
+++ b/applications/luci-app-splash/luasrc/view/admin_status/splash.htm
@@ -214,7 +214,7 @@ end
        <fieldset id="cbi-table-table" class="cbi-section">
                <legend><%:Active Clients%></legend>
                <div class="cbi-section-node">
-                       <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><% end %>
+                       <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><input type="hidden" name="token" value="<%=token%>" /><% end %>
                        <table class="cbi-section-table">
                                <thead>
                                        <tr class="cbi-section-table-titles">
Lua Configuration Interface (mirror)